From c8ebf02e309794831386c1770caaa2c35edc5a16 Mon Sep 17 00:00:00 2001
From: Chteufleur
Date: Wed, 11 Jan 2017 22:40:54 +0100
Subject: [PATCH] Add a token on login form (for XMPP auth).
---
 controllers/login.go | 11 +++++++----
 models/utils/utils.go | 16 ++++++++++++++++
 views/login.tpl | 6 ++++--
 3 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/controllers/login.go b/controllers/login.go
index 8790ff6..5ef17fc 100644
--- a/controllers/login.go
+++ b/controllers/login.go
@@ -4,6 +4,7 @@ import (
 "github.com/astaxie/beego"
 
 "git.kingpenguin.tk/chteufleur/datahouse.git/models/user"
+ "git.kingpenguin.tk/chteufleur/datahouse.git/models/utils"
 "git.kingpenguin.tk/chteufleur/datahouse.git/models/variables"
 
 "net/http"
@@ -33,6 +34,7 @@ func (c *LoginController) Get() {
 return
 }
 
+ c.Data["token"] = utils.TokenGenerator(8)
 c.TplName = "login.tpl"
 }
 
@@ -51,8 +53,9 @@ func (c *LoginController) Post() {
 
 login := c.GetString("login")
 passwd := c.GetString("password")
+ token := c.GetString("token")
 
- if !isLoginOK(login, passwd) {
+ if !isLoginOK(login, passwd, token) {
 c.Abort("403")
 }
 
@@ -64,7 +67,7 @@ func (c *LoginController) Post() {
 }
 }
 
-func isLoginOK(lgn, pwd string) bool {
+func isLoginOK(lgn, pwd, token string) bool {
 ret := false
 usr := user.GetUserByLogin(lgn)
 if usr.Id == 0 {
@@ -74,9 +77,9 @@ func isLoginOK(lgn, pwd string) bool {
 log.Info("Standard auth")
 ret = pwd != "" && pwd == usr.Password
 
- if !ret && usr.JID != "" {
+ if !ret && usr.JID != "" && token != "" {
 log.Info("Auth by JID")
- resp, _ := http.Get(UrlXmppAuth + "?domain=datahouse.kingpenguin.tk&method=POST&jid=" + usr.JID + "&transaction_id=datahouse")
+ resp, _ := http.Get(UrlXmppAuth + "?domain=datahouse.kingpenguin.tk&method=POST&jid=" + usr.JID + "&transaction_id=" + token)
 httpStatusCode := resp.StatusCode
 if resp != nil && httpStatusCode == 200 {
 ret = true
diff --git a/models/utils/utils.go b/models/utils/utils.go
index 99db504..01be234 100644
--- a/models/utils/utils.go
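Review bot: The token assigned on the new `c.Data["token"]` line is only handed to the client; nothing retains it server-side, so the Post handler (next hunks) has to accept whatever `token` value the form submits rather than the one issued here. If sessions are enabled in the app config, keeping a copy lets Post compare the submitted value before it is forwarded to the XMPP service: `token := utils.TokenGenerator(8)`, `c.SetSession("xmpp_token", token)`, `c.Data["token"] = token`, with a matching `c.GetSession("xmpp_token")` check in Post. Whether the remote service itself ties `transaction_id` to this login attempt is not visible in the patch, so the session check is the only binding this code can guarantee. Get starts before the hunk.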
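Review bot: On the new `http.Get` line in isLoginOK the form-supplied `token` is concatenated into the query string unescaped, so a value containing `&` or `=` adds or overrides parameters of the request to UrlXmppAuth; build the query with `url.Values` and `Encode()` (needs `net/url`) so the value is escaped. The lines that follow still read `resp.StatusCode` before the `resp != nil` test and no `resp.Body.Close()` appears in the hunk, so a transport error panics the handler and a successful call leaks the connection; `http.Get` also uses the default client with no timeout, which is worth a dedicated `http.Client{Timeout: ...}` but is left as is below. The sketch returns false on a request error on the assumption that the function ends with `return ret`; if the lines after the hunk do more than that, fold the early return into the flow instead. isLoginOK continues past the end of the hunk.
```go
	if !ret && usr.JID != "" && token != "" {
		log.Info("Auth by JID")
		q := url.Values{}
		q.Set("domain", "datahouse.kingpenguin.tk")
		q.Set("method", "POST")
		q.Set("jid", usr.JID)
		q.Set("transaction_id", token)
		// Encode escapes the form-supplied token, so it cannot add or override parameters.
		resp, err := http.Get(UrlXmppAuth + "?" + q.Encode())
		if err != nil {
			log.Info("Auth by JID request failed: " + err.Error())
			return false
		}
		defer resp.Body.Close()
		if resp.StatusCode == 200 {
			ret = true
```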
+++ b/models/utils/utils.go
@@ -3,9 +3,14 @@ package utils
 import (
 "github.com/astaxie/beego/orm"
 
+ "crypto/rand"
 "time"
 )
 
+const (
+ dictionary = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+)
+
 func GetString(m orm.Params, param string) string {
 ret := ""
 switch i := m[param].(type) {
@@ -38,3 +43,14 @@ func GetTime(m orm.Params, param string) time.Time {
 
 return ret
 }
+
+func TokenGenerator(length int) string {
+ var bytes = make([]byte, length)
+ if _, err := rand.Read(bytes); err != nil {
+ panic(err)
+ }
+ for k, v := range bytes {
+ bytes[k] = dictionary[v%byte(len(dictionary))]
+ }
+ return string(bytes)
+}
diff --git a/views/login.tpl b/views/login.tpl
index a8d6e69..5457893 100644
--- a/views/login.tpl
+++ b/views/login.tpl
@@ -31,14 +31,16 @@
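Review bot: `dictionary[v%byte(len(dictionary))]` in the new TokenGenerator is biased: 256 is not a multiple of the 62-character dictionary, so the first eight characters come up 5/256 of the time and the rest 4/256, which slightly narrows the space of tokens the form hands out. Discarding random bytes at or above 248 (the largest multiple of 62 that fits in a byte) before taking the modulus removes the bias with no new imports, as sketched below. `panic(err)` on a `crypto/rand` failure escapes into the request handler that calls this from Get; returning an error (`func TokenGenerator(length int) (string, error)`) would let the caller decide, but that changes the signature, so the sketch keeps the panic and documents it. As an exported function it should also carry a doc comment, e.g. `// TokenGenerator returns a random string of length characters drawn from dictionary.`
```go
// TokenGenerator returns a random string of length characters drawn from
// dictionary, using crypto/rand. It panics if the random source fails.
func TokenGenerator(length int) string {
	// 248 is the largest multiple of len(dictionary) (62) that fits in a byte;
	// discarding random bytes at or above it keeps every character equally likely.
	const limit = 256 - 256%len(dictionary)
	out := make([]byte, 0, length)
	buf := make([]byte, 1)
	for len(out) < length {
		if _, err := rand.Read(buf); err != nil {
			panic(err)
		}
		if int(buf[0]) >= limit {
			continue
		}
		out = append(out, dictionary[int(buf[0])%len(dictionary)])
	}
	return string(out)
}
```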
- + + - + +

Token: {{.token}}